Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/ejg4wtNKItJsMO6oBKGqcUV13hA.roa
File:                     ejg4wtNKItJsMO6oBKGqcUV13hA.roa (raw, json)
Hash identifier:          uDEJ6nON2QCwf1RTwGPfnwbj2l3S8lfhmLNgu8NhaB0=
Subject key identifier:   7A:38:38:C2:D3:4A:22:D2:6C:30:EE:A8:04:A1:AA:71:45:75:DE:10
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       018844DBF0A2F83C16359E0EA81A396EB7B6
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/ejg4wtNKItJsMO6oBKGqcUV13hA.roa
Signing time:             Mon 22 May 2023 19:07:24 +0000
ROA not before:           Mon 22 May 2023 19:07:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20722
IP address blocks:        85.204.44.0/24 maxlen: 24
                          194.102.188.0/24 maxlen: 24
                          185.88.130.0/23 maxlen: 23
                          185.88.131.0/24 maxlen: 24
                          185.88.128.0/22 maxlen: 22
                          185.88.129.0/24 maxlen: 24
                          85.204.56.0/21 maxlen: 21
                          85.204.56.0/24 maxlen: 24
                          85.204.57.0/24 maxlen: 24
                          85.204.58.0/24 maxlen: 24
                          85.204.59.0/24 maxlen: 24
                          85.204.60.0/24 maxlen: 24
                          85.204.61.0/24 maxlen: 24
                          85.204.62.0/24 maxlen: 24
                          85.204.63.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:44:db:f0:a2:f8:3c:16:35:9e:0e:a8:1a:39:6e:b7:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: May 22 19:07:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7a3838c2d34a22d26c30eea804a1aa714575de10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:47:ee:af:b4:2b:e2:ab:78:16:b7:21:ee:82:
                    80:71:94:6e:ea:69:5a:22:e3:ad:12:14:53:0a:39:
                    37:65:15:40:05:a3:f6:33:e2:2f:b9:41:9f:4f:d6:
                    ae:34:82:53:be:9f:f2:9c:da:6a:ce:64:2b:3d:f2:
                    94:06:23:8f:3b:ed:a5:b0:ff:25:10:17:20:cf:22:
                    ff:de:3e:c3:b2:ce:40:e7:08:f6:91:c1:26:06:bc:
                    a1:e9:dd:47:d7:ad:5c:ff:a6:4f:25:89:14:69:25:
                    0a:5f:8e:42:c1:9b:ac:e1:d2:bc:a6:9f:46:0b:c0:
                    a0:e0:57:7d:da:a1:cf:eb:6d:00:d5:b3:46:b7:68:
                    ce:f2:be:03:5a:51:6c:98:54:0b:12:94:2a:e0:fc:
                    a4:57:0b:76:9e:b0:b3:b4:6b:39:30:42:68:ca:a8:
                    f0:29:44:d9:21:25:b1:cf:2d:73:68:34:04:66:ce:
                    37:42:6b:37:ac:7e:5e:f9:19:84:e7:8f:2d:8e:3d:
                    cd:20:a1:11:02:ff:fb:ad:b6:f0:c7:d2:10:2d:61:
                    64:3a:59:ed:90:79:f1:d2:e2:2f:7e:27:2e:16:da:
                    bb:32:06:05:33:8a:9f:be:df:64:0b:06:a8:e1:da:
                    34:c2:ae:7a:8f:55:e3:39:d2:21:bf:0e:4f:91:2e:
                    3b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:38:38:C2:D3:4A:22:D2:6C:30:EE:A8:04:A1:AA:71:45:75:DE:10
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/ejg4wtNKItJsMO6oBKGqcUV13hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.44.0/24
                  85.204.56.0/21
                  185.88.128.0/22
                  194.102.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b6:cc:92:4a:28:56:78:3f:15:52:93:f4:fc:97:3b:36:a9:
         b6:35:e3:99:15:bb:d1:55:ba:54:f9:6f:82:6d:4c:ff:ed:c9:
         da:7a:b4:1d:d1:14:bf:ff:e7:17:b8:a0:94:a1:69:ce:19:82:
         bd:c0:27:d2:a5:e7:52:e4:a0:c1:f0:9d:f3:4c:82:03:eb:22:
         c4:7c:f2:a3:93:56:72:6f:86:40:b9:ca:91:d7:43:a9:f2:17:
         95:62:9d:65:c0:06:23:df:cf:65:e5:64:89:49:e3:ce:22:b3:
         fc:5c:c5:a3:4b:0f:c6:08:b4:e1:89:40:59:a1:cb:43:92:0c:
         31:3b:31:e6:cc:05:6a:ff:52:9a:ac:35:0d:b8:e6:66:67:5c:
         13:0d:9d:58:e8:74:17:ee:d9:aa:1e:6d:aa:62:12:f7:20:97:
         ed:ac:f2:bf:88:01:0f:58:e4:6c:6e:0f:a0:29:70:eb:fa:b2:
         b1:19:1f:82:79:43:6d:d6:da:bc:fa:35:d1:b8:8c:76:bc:ee:
         5a:d6:08:a6:7b:4b:08:ca:e4:d3:01:49:2c:dd:76:b4:81:10:
         6f:78:e0:a2:05:65:52:0a:26:fe:c2:1f:ed:14:46:f4:17:f8:
         5e:4b:2c:69:6b:fb:76:95:9d:bd:01:66:58:d4:c5:c6:15:b5:
         c3:7c:85:ac
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhE2/Ci+DwWNZ4OqBo5bre2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjMwNTIyMTkwNzI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTM4MzhjMmQzNGEyMmQyNmMzMGVlYTgwNGExYWE3MTQ1NzVkZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUfur7Qr4qt4Frch7oKAcZRu6mla
IuOtEhRTCjk3ZRVABaP2M+IvuUGfT9auNIJTvp/ynNpqzmQrPfKUBiOPO+2lsP8l
EBcgzyL/3j7Dss5A5wj2kcEmBryh6d1H161c/6ZPJYkUaSUKX45CwZus4dK8pp9G
C8Cg4Fd92qHP620A1bNGt2jO8r4DWlFsmFQLEpQq4PykVwt2nrCztGs5MEJoyqjw
KUTZISWxzy1zaDQEZs43Qms3rH5e+RmE548tjj3NIKERAv/7rbbwx9IQLWFkOlnt
kHnx0uIvficuFtq7MgYFM4qfvt9kCwao4do0wq56j1XjOdIhvw5PkS47RwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHo4OMLTSiLSbDDuqAShqnFFdd4QMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvZWpnNHd0TktJdEpzTU82b0JLR3FjVVYxM2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVcwsAwQD
Vcw4AwQCuViAAwQAwma8MA0GCSqGSIb3DQEBCwUAA4IBAQBAtsySSihWeD8VUpP0
/Jc7Nqm2NeOZFbvRVbpU+W+CbUz/7cnaerQd0RS//+cXuKCUoWnOGYK9wCfSpedS
5KDB8J3zTIID6yLEfPKjk1Zyb4ZAucqR10Op8heVYp1lwAYj389l5WSJSePOIrP8
XMWjSw/GCLThiUBZoctDkgwxOzHmzAVq/1KarDUNuOZmZ1wTDZ1Y6HQX7tmqHm2q
YhL3IJftrPK/iAEPWORsbg+gKXDr+rKxGR+CeUNt1tq8+jXRuIx2vO5a1gime0sI
yuTTAUks3Xa0gRBveOCiBWVSCib+wh/tFEb0F/heSyxpa/t2lZ29AWZY1MXGFbXD
fIWs
-----END CERTIFICATE-----